Physical disk security with self encrypting disk – Dell PowerVault MD3220 User Manual
Page 106
106
Configuration: Disk Groups and Virtual Disks
Physical Disk Security with Self Encrypting Disk
Self encrypting disk (SED) technology prevents unauthorized access to the
data on a physical disk that is physically removed from the storage array. The
storage array has a security key. Self encrypting disks provide access to data
only through an array that has the correct security key.
The self encrypting disk or a security capable physical disk encrypts data
during writes and decrypts data during reads. For more information, see the
PowerVault Modular Disk Storage Manager online help topics.
You can create a secure disk group from security capable physical disks. When
you create a secure disk group from security capable physical disks, the
physical disks in that disk group become security enabled. When a security
capable physical disk is security enabled, the physical disk requires the correct
security key from a RAID controller module to read or write the data. All of
the physical disks and RAID controller modules in a storage array share the
same security key. The shared security key provides read and write access to
the physical disks, while the physical disk encryption key on each physical disk
is used to encrypt the data. A security capable physical disk works like any
other physical disk until it is security enabled.
Whenever the power is turned off and turned on again, all of the security-
enabled physical disks change to a security locked state. In this state, the data
is inaccessible until the correct security key is provided by a RAID controller
module.
You can view the self encrypting disk status of any physical disk in the storage
array from the Physical Disk Properties dialog. The status information
reports whether the physical disk is:
• Security Capable
• Secure—Security enabled or disabled
• Read/Write Accessible—Security locked or unlocked
You can view the self encrypting disk status of any disk group in the storage
array. The status information reports whether the storage array is:
• Security Capable
• Secure
book.book Page 106 Tuesday, June 18, 2013 2:53 PM